MCUs, Memory Balance Security, Performance

TORONTO – As the number of connected devices increases exponentially, so does the need for encryption. Thanks to the BYOD phenomenon, self-encrypted SSDs are finding their way into the enterprise to secure data regardless of operating system, while the Internet of Things is also driving the need for encryption, and in some cases it makes sense to do it at the micro-controller (MCU) level.

Adib Ghubril, research director at Gartner, said there are a number of benefits to encrypting data at the micro-controller level, including performance, power efficiency, and improved data protection. Since security is implemented at the hardware level, it’s more difficult to hack, he said.

Of course, any application running a wireless interface benefits from encryption, Ghubril noted, including networked appliances such as smart meters or any intelligent IoT devices, and many of these devices are best enabled by MCUs, including encryption for their wireless payloads.

Microchip Technology recently expanded its line of eXtreme Low Power (XLP) PIC MCUs with the PIC24F GB2 family that includes an integrated hardware crypto engine, a random number generator and one-time-programmable key storage for protecting data in embedded applications.

Alexis Alcott, product marketing manager for Microchip’s MCU16 division, said the GB2 devices include up to 128 KB Flash and 8 KB RAM in small 28- or 44-pin packages, and are targeted at battery-operated or portable applications such as IoT sensor nodes, access control systems, and door locks. She said one of the chief concerns of customers is securing devices and data without hurting battery life, and many IoT devices are part of larger systems sharing data through Bluetooth or WiFi connectivity, which must be secure.

Wearables, including medical devices, are one of the fastest growing IoT segments for Microchip, said Alcott, and securing sensitive medical information, particularly from patients, is a chief concern. Another scenario she described was the use of sensors to monitor humidity levels in a museum, which would turn on periodically to gather data and send it to a central location. The device itself would not process the information, but the data would have to be encrypted both at rest and while being transmitted, said Alcott. The recipient of the data must decrypt the data to read it.

Given the number of small devices that might be distributed, performing maintenance on the devices, including battery replacement, is costly and time-consuming, and Alcott said providing encryption at the MCU level allows for more efficient power consumption, since less software overhead frees up CPU bandwidth and memory, and Microchip’s GB2 devices operate at a lower CPU frequency to save power.

Ghubril said Microchip’s offering is not particularly unique from an encryption perspective, but is one of the most power-conscious. Many vendors are offering MCUs with encryption features, he said, including Spansion, STMicro, NXP, Infineon, and Toshiba.

One of the chief concerns of users when adding features such as encryption to MCUs and SSDs is their effect on performance. A survey released by the Storage Networking Industry Association earlier this year found respondents had little interest in using built-in encryption features. Even though many SSDs being shipped today have data protection and encryption features built in, often those capabilities are not being switched on by OEMs, due to the misconception that encryption can reduce performance.

Meanwhile, the major SSD makers have been releasing updated self-encryption devices (SEDs). At the beginning of the year, Samsung added new features to its 840 EVO SSD that work with third-party security software, while SanDisk announced in May early members of its ecosystem of ISVs for security management to support its recently announced X300 SSD, the company’s first self-encrypting SSD based on TCG Opal 2.0 specifications.